PT-2026-36999 · Eclipse Foundation · Eclipse Equinox Osgi
Published: 2026-05-05 · Updated: 2026-05-16 · CVE-2023-54344
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Eclipse Equinox OSGi versions 3.7.2 and earlier
Description
The console interface accepts commands without authentication, which allows unauthenticated attackers to execute arbitrary commands by sending payloads to it. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.
Recommendations
Update to a version later than 3.7.2.
Exploit
Fix
RCE
Missing Authentication
Affected Products
Eclipse Equinox Osgi